Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] [Wireshark-bugs] [Bug 2794] Questionable display filter fiel

From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Tue, 24 Jul 2012 11:53:20 -0400

Maybe it’s enough just to remind the user to check the on-line Display Filter Reference page[1] rather than trying to manually track every change.

- Chris

[1]: http://www.wireshark.org/docs/dfref/

 

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of mmann78@xxxxxxxxxxxx
Sent: Sunday, July 22, 2012 8:39 AM
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: [Wireshark-dev] [Wireshark-bugs] [Bug 2794] Questionable display filter fields

 

Just let me know if you want me to keep track of the changed "first field of a protocol filter" for release note purposes.  Per bug 2794, I planned on changing a bunch once I can come up with a consistent naming convention (and then change dissectors to follow that convention).  The two biggest areas are "multiple subdissectors of a particular protocol" (ie H.248) and "common collection of protocols" (ie zbee, scsi).  My current thought is to have "multiple subdissectors of a particular protocol" keep the dot notation, (ie h248.<subprotocol>.<subprotocol field>) and have the "common collection of protocols" have an underscore inbetween (ie zbee_<protocol>.<subprotocol field>).  Comments are welcome. 

 

Technically, I don't think ntppriv -> ntp.priv shouldn't need to be noted because "ntppriv" is not a dissector.  Those fields are part of a structure within "ntp".   To me this was one of the goals of bug 2794 - to ensure the first field always correponds to a dissector filter name.

-----Original Message-----
From: Joerg Mayer <jmayer@xxxxxxxxx>
To: wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>
Sent: Sun, Jul 22, 2012 7:55 am
Subject: Re: [Wireshark-dev] [Wireshark-bugs] [Bug 2794] Questionable display filter fields

Should we update the release notes if the first field of a protocol filter 
changes?
In this particular example I've noticed two while looking at about 5 protocols
(pap -> prap, ntpptiv -> ntp.priv).
 
Ciao
     Jörg
 
On Sat, Jul 21, 2012 at 08:15:43PM -0700, bugzilla-daemon@xxxxxxxxxxxxx wrote:
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2794
> 
> Michael Mann <mmann78@xxxxxxxxxxxx> changed:
> 
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>    Attachment #6362|review_for_checkin?         |review_for_checkin-
>               Flags|                            |
> 
> --- Comment #32 from Michael Mann <mmann78@xxxxxxxxxxxx> 2012-07-21 20:15:42 
PDT ---
> Comment on attachment 6362
>   --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6362
> Fixing some more of the simpler "questionable" display filters
> 
> checked in different version of a comparible path to revision 43907
> 
-- 
 

CONFIDENTIALITY NOTICE: The information contained in this email message is intended only for use of the intended recipient. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately delete it from your system and notify the sender by replying to this email.  Thank you.